The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Anyone seeing IMAP over SSL issues?

Discussion in 'E-mail Discussions' started by jerrybell, Oct 14, 2007.

  1. jerrybell

    jerrybell Well-Known Member

    Joined:
    Nov 27, 2006
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    6
    I am running WHM current on Freebsd 6.2. Within the last few days, I have started seeing this error in /var/log/maillog whenever anyone tries to check mail via imap over ssl:


    Oct 14 13:17:26 www2 imapd-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
    Oct 14 13:17:26 www2 imapd-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
    Oct 14 13:22:28 www2 imapd-ssl: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number


    From a client perspective, the check for mail just flatly fails.

    I have opened a bug in bugzilla - #6003 in case anyone is interested or experiencing the same issue.

    Here is my version info:
    WHM 11.11.0 cPanel 11.15.0-C17665
    FREEBSD 6.2-RELEASE i386 on standard - WHM X v3.1.0

    I have restarted the courier service, and I have performed a "upgrade to latest
    version" with the "force a reinstall even if the system is up to date" option
    checked in an attempt to resolve the problem.
     
  2. tprice42

    tprice42 Active Member

    Joined:
    Sep 10, 2004
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Hi, i'm having the same problem for the last couple of days. It's affecting my courier pop3d-ssl daemon on freebsd 5.4. Currently working through a fix attempt so will keep all updated.
     
  3. tprice42

    tprice42 Active Member

    Joined:
    Sep 10, 2004
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    Ok here's the deal:

    The latest upgrade to courier took me to this version:

    courier-authlib-0.60.2 Meta-port for the courier authentication library
    courier-authlib-base-0.60.2 Courier authentication library base
    courier-imap-4.2.1,1 IMAP (and POP3) server that provides access to Maildir mail

    Looks like the problems started with version 0.60.0 and can be fixed by editing the following files:

    /usr/local/etc/courier-imap/pop3d-ssl
    /usr/local/etc/courier-imap/imapd-ssl

    and changing:

    TLS_PROTOCOL=SSL3

    to:

    TLS_PROTOCOL=SSL23

    Tested on my server and works fine
     
  4. Kionic

    Kionic Member
    PartnerNOC

    Joined:
    Dec 7, 2005
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Wichita, KS
    Thank you, tprice42!!! Was a great help for us.
     
  5. ChrisHardie

    ChrisHardie Registered

    Joined:
    May 14, 2007
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    restart required too

    Just in case it wasn't obvious, you'll have to restart the related daemons for this to take effect:

    /usr/local/etc/rc.d/courier-imap-pop3d-ssl.sh restart
    /usr/local/etc/rc.d/courier-imap-imapd-ssl.sh restart

    That's what we did (on FreeBSD, your paths may vary), and SSL pop/imap logins started working again.

    Thanks!
    Chris
     
  6. nzrubyrock

    nzrubyrock Member

    Joined:
    Jan 25, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Same problem here - same solution fixed it - Many Thanks!

    Strangely enough for me it didn't affect checking pop3 ssl from Thunderbird 2.0 - it only stopped Outlook Express 6 from logging in correctly. Go Thunderbird!

    Thanks again.
     
  7. akrzystek

    akrzystek Member

    Joined:
    Jul 8, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Same problem, same fix here (WHM 11.11.0 cPanel 11.15.0-R18033 FREEBSD 5.4-RELEASE i386 on standard - WHM X v3.1.0)

    Thank you too!

    note to cPanel staff:
    "WHM >> Main >> Service Configuration >> Courier Configuration" seems to ignore the setting "Imap TLS/SSL Protocol" and "Pop3 TLS/SSL Protocol", possible bug?
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    First time I've heard of that myself. I'd recommend contacting your cPanel Licensing Provider and having them take a look at that for you.
     
  9. idealso

    idealso Active Member

    Joined:
    Mar 1, 2007
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Same problem, same fix, using WHM 11.11.0 cPanel 11.15.0-R18264, FREEBSD 5.3-RELEASE i386 on standard - WHM X v3.1.0

    If you look closely at Courier Configuration, you'll notice that after you make these changes, it says "Only permit SSLv2 connections". So I wouldn't say it's ignoring the setting. It's just applying it incorrectly.
     
  10. akrzystek

    akrzystek Member

    Joined:
    Jul 8, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    I can confirm this, the html form seems to have an incorrect mapping of "value" and "text" too.

    Code:
    <th>Imap TLS/SSL Protocol</th>
    <td><select name="imapd-ssl-TLS_PROTOCOL">
    <option  value="SSL2">Only permit SSLv2 connections</option>
    <option  value="SSL3">Permit SSL v2 or v3 connections and TLSv1 connections</option>
    <option  value="TLS1">Only permit TLSv1 connections</option>
    </select></td>
    
     
  11. akrzystek

    akrzystek Member

    Joined:
    Jul 8, 2005
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    Well, afaik that is cPanel.net. :rolleyes:
    I'm just the techie of the guy who bought WHM/cPanel, but I will send him a note.

    Thanks,
    Thomas
     
  12. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Sounds good. Not everyone acquires their licensing directly from cPanel. If you had acquired your license through a reseller, then you would contact your reseller for support.
     
  13. mrcpu

    mrcpu Member

    Joined:
    Feb 7, 2005
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Last night when my FreeBSD box updated, all my SSL IMAP's stopped working. I tried
    the above fix, but it didn't seem to fix anything.

    Even local webmail won't work, it says "IMAP server dropped connection", *but*
    telnet to localhost 143 works, and connections via imap with thunderbird and such
    work just fine.

    Only webmail and MacMail clients seem to be affected. OE, TBIRD and everybody
    can connect.

    Kind of a stumper...
     
Loading...

Share This Page